SNS ProTip for SIEM: Troubleshooting ESM 9.x Policy Editor Rollout

SNS ProTip for SIEM: Troubleshooting ESM 9.x Policy Editor Rollout

To help you maximize your SIEM deployment, McAfee SNS ProTips deliver troubleshooting, best practices and how-to tips with links to in-depth KnowledgeBase resources.

Issue: While attempting to perform a policy rollout in the SIEM ESM 9.x Policy Editor, errors appear indicating the rollout has failed.

Cause: Most likely these errors are cause by invalid custom rules, a corrupt rules file, and invalid data source settings.

Resolution: Solutions include: performing a manual rules update, checking for invalid data source settings, checking for errors rolling out policy on an IPS' For more information and step-by-step instructions on how to troubleshoot, see KB82389 — How to troubleshoot SIEM policy rollout issues.